Experimental Docker image for a DNS server implementing xip.io style DNS wildcards, more conventional glob style DNS wildcard mappings, as well as pass through for all other lookups.

This could be done using a very lightweight Docker image, but I am using the Twisted framework from Python as it more easily allows me to experiment with intercepting DNS lookups for other purposes.

To build the image:

docker build -t wildcard-dns-server .

Use Docker to run the image. When doing this you should map ports for both TCP and UDP ports of the DNS server.

docker run -e --rm -p 53:10053/tcp -p 53:10053/udp wildcard-dns-server

By default the IP wildcards will use the xip.io domain as the default. To override the domain use the WILDCARD_DOMAIN environment variable.

docker run --rm -p 53:10053/tcp -p 53:10053/udp \
 -e WILDCARD_DOMAIN=wildcard.dev wildcard-dns-server

To test that the latter works, use the command:

dig @$(docker-machine ip default) myapp.10.2.2.2.wildcard.dev A +short

In this example, you should get the result 10.2.2.2. Also try with other valid public addresses such as www.google.com and you should get back a list of the IPs for that service.

By default Google DNS servers are used as fallback. If you wish to use alternate name servers, you can specify them using the NAME_SERVERS environment variable when running the image. The value should be a comma separate list of name server hosts. An optional port may be specified for any host by including it after the host name, separated by a ':'.

To provide a mapping of explicit host names, or using glob style DNS wildcard matches, you need to supply a JSON file defining the mappings.

{
    "*.foo.com": "127.0.0.1",
    "www.bar.com": "bar.com",
    "bar.com": "127.0.0.1",
    "search.com": "www.google.com"
}

The target of the match should be an IP address, or a host name. Where it maps to a host name, that should be resolvable via subsequent applications of the mapping table, or via a public DNS lookup.

To get the mapping table into the running image, you should use volume mounting, as well as use the MAPPED_HOSTS environment variable to specify the location of the JSON file.

docker run -e --rm -p 53:10053/tcp -p 53:10053/udp \
 -e MAPPED_HOSTS=/usr/src/app/etc/mappings.json \
 -v `pwd`/etc:/usr/src/app/etc wildcard-dns-server

If you don't want to build the image yourself and are happy to trust an automated build image from Docker Hub Registry, then you can pull it down from there.

docker pull grahamdumpleton/wildcard-dns-server

The image uses the official Docker python:2.7-onbuild image as the base image. As per best practice security measures, the image is set up not to run as root, using the default www-data user.

Once you are happy that the image is running okay, then update the DNS settings of your system to point at the IP address of the Docker service host. You can get the IP address of the Docker service host by running:

docker-machine ip default

Note that for some systems, eg., MacOS X, there is no DNS active at all when you have no active WiFi or Ethernet connection. You cannot therefore readily still use this to allow local offline development for xip.io style addresses. You would in this case still need to be connected to an ethernet router, or need something like a physical ethernet loop back dongle to trick the operating system into thinking you have an actual connection.

To debug DNS lookups as they pass through the DNS server implemented by the image, you can set the DEBUG_LEVEL environment variable. The highest level of debug is 3.

docker run --rm -p 53:10053/tcp -p 53:10053/udp \
 -e DEBUG_LEVEL=3 -e WILDCARD_DOMAIN=wildcard.dev wildcard-dns-server

At the highest level you can see wildcard DNS name matches, as well as pass through requests.

nameservers [('8.8.8.8', 53), ('8.8.4.4', 53)]
wildcard .*\.(?P<ipaddr>\d+\.\d+\.\d+\.\d+)\.wildcard\.dev
address myapp.10.2.2.2.wildcard.dev
lookup myapp.10.2.2.2.wildcard.dev
wildcard myapp.10.2.2.2.wildcard.dev --> 10.2.2.2
address www.google.com
lookup www.google.com
fallback www.google.com